Subscribe to our Resources Blog RSS feed to stay up-to-date on latest news.
The power of Network Access Control (NAC) to regulate access to corporate network resources and bolster the security of a proprietary network via a defined security policy cannot be overstated. Although there are quite a few considerations when choosing a NAC solution that is enterprise and end-user dependent, there are several major considerations that cut across network user classifications.
In order to bolster the security of a proprietary network, NAC solutions must provide comprehensive authentication and authorization functionality for potential users. This means verifying logon information, restricting data access for each particular user, as well as implementing anti-threat applications such as firewalls, antivirus software, and spyware-detection programs. NAC solutions must also be able to regulate and restrict the things individual subscribers can do once they are connected.
Many network environments for corporations and agencies where the user environment can be rigidly controlled are ideal for NAC solutions. It is in a broader business and institutional world, where a large user base is constantly growing and changing along with its device access points and choices, that NAC solutions must become more nuanced.
Many of these enterprises should first ask themselves if the NAC solution will easily and seamlessly integrate with their current network topology. Some NAC solutions sit between access and core switches to enforce policies. Since many data centers, such as those for universities and institutions of higher learning, can often use a mix of switches, this scenario requires any NAC solution to be compatible with existing network topology. This becomes less of a consideration where switch upgrades are part of a planned infrastructure upgrade or part of a new system.
One of the primary considerations when evaluating an NAC solution is making decisions on what type of authentication mechanism is desired. IT departments and network administrators have found that NAC solution providers generally fall into the categories of encouraging 802.1X on wired switches and wireless networks, and those that develop ways to work around it. Once again, this decision has an impact on current network topology.
When it comes to network visibility and control, NAC solutions must be highly adaptable to the new and emerging network landscape of cloud computing, VPN, and specifically, BOYD environments. This means that those enterprise or organization networks considering a NAC solution must look at integration from the standpoint of their end user base.
A modern NAC solution must be capable of interfacing with an enterprise's endpoint protection products. In addition, those networks that rely on BOYD access for their user base must consider a NAC solution that either automates or greatly simplifies the device enrollment into an enterprise's mobile device management (MDM) system.
Compliance is always a key consideration when looking at a NAC solution. Organizations fall under various regulatory or industrial compliance requirements, such as PCI DSS (credit card information), HIPAA (patient health information), and Sarbanes-Oxley (business and financial data). The chosen NAC must not only meet these requirements, it must also be able to streamline the process of compliance auditing for the enterprise in question.
Ultimately, operational efficiency is as crucial to an enterprise’s network as data security. Consequently, the NAC solution must be able to perform its functions in ways that maximize the speed of authorized data throughput. This is critical for almost every enterprise’s bottom line as well as the maximization of user-base satisfaction. In almost every case, the two are inextricably intertwined.